Checks whether data encryption is enabled for a Log Service Logstore.
Scenarios
Log Service supports encrypting data at rest with Key Management Service (KMS).
Risk level
Default risk level: medium.
You can change the risk level when you apply this rule.
Evaluation logic
- If data encryption is enabled for the Logstore, the evaluation result is compliant.
- If data encryption is disabled for the Logstore, the evaluation result is non-compliant. Correct this by following Non-compliance remediation.
Rule details
| Item | Description |
| Rule name | sls-logstore-enabled-encrypt |
| Rule ID | sls-logstore-enabled-encrypt |
| Tag | SLS and LogStore |
| Automatic remediation | Not supported |
| Trigger type | Configuration change and periodic execution |
| Time interval | 24 hours |
| Supported resource type | Log Service flow logs |
| Input parameter | None |
Non-compliance remediation
Enable data encryption for the Logstore in Log Service. For more information, see Data encryption.
该文章对您有帮助吗?